Meet the expert: let’s talk cybersecurity with Andrew Mathenge

Posted for Members, September 26, 2018

Andrew Mathenge is the Director of Information Technology at the CAAT Pension Plan. An important part of Andrew’s responsibilities is cybersecurity.

This month, Andrew talks about the importance of cybersecurity at the CAAT Pension Plan and at home.

Why is cybersecurity important at the CAAT Pension Plan?

We are custodians of personal information that is needed to administer our members’ pensions. Securing this information is of paramount importance. To do this, we provide security training to staff, specifically around email phishing, which is a form of fraud. In a phishing attack, the attacker sends an email that pretends to be from a reputable company in order to gain an individual’s trust. The attacker wants to trick the individual into either giving personal information, or clicking a link which introduces malicious software onto their computer. Since email is the most common method for cyberattacks, we are security conscious when using email.

Why is cybersecurity important at home?

For similar reasons to its importance at the CAAT Pension Plan – you need to make sure that your online transactions, such as banking and shopping, remain secure. It’s also important that your personal information from any transactions remain confidential and can’t be stolen through a website or phishing email.

What is your number one rule about making sure online information is secure?

There’s really no one solution, but it’s important to be prudent, educate yourself, and be suspicious of most emails and websites. Know what to look for: check emails for authentic email addresses, and don’t reply or click links in an email if the address is suspicious, or you don’t know the sender. Never, ever give out any personal information over email unless you are sure you know the sender or organization who made the request.

Most reputable companies will never ask for your personal information out of nowhere. Governments also never send emails asking for information, and they never send emails with links to click for more information.

Why are you passionate about your role?

This is an exciting time to be in technology. Everything we do at the CAAT Plan has a technology component, so I have the opportunity to interact with all the business units, which means I have a good view of how technology enhances productivity and the way we do things internally and for our members and employers.

What do you like best about your role at the CAAT Plan?

I work with a great team that loves technology, and specifically loves making sure that staff have a safe digital environment to work in. I enjoy providing solutions and services that enable productivity while still protecting and limiting risk for the CAAT Plan’s systems. The team is constantly creating ways to make things better. Technology is moving really fast, and I’m thrilled to be part of the team to evaluate, enable, and secure up-to-date technology for the organization.

If there were one piece of advice you’d give members to ensure their personal online information is secure, what would it be?

Don’t put any personal information online unless it’s through a secure method with an organization that you already trust and know the website and/or email are authentic.


How to detect a phishing email

Before opening an attachment or clicking on a link in an email, ask yourself the following questions:

  • Does the email address appear suspicious or phony? Some hackers create email addresses that appear to be from a legitimate organization, so look for unusual characters or typos in the sender’s full email address. The way you view the full email address will vary by email software and device. Remember to always think critically before clicking links in an email if the sender seems suspicious.  
  • Are there typos, spelling mistakes, or poor grammar in the content of the email?
  • Does this email ask me to provide personal information?
  • Am I being offered something that is too good to be true?
  • Is the sender asking me to click links or open an attachment with a sense of urgency?

If you answer “yes” to any of the questions above, you should think twice before trusting the email.

Cybersecurity tips

Here are a few useful tips to help you keep your personal information secure:

  • Be suspicious of emails you receive if you don’t know the sender. If you receive an email from an organization that makes you question why they are contacting you, you can always call the company to ask if the email is safe.
  • Be cautious when sharing personal information online. It’s OK to provide information to a trusted organization through their secure website.
  • Always use a strong password. Eight letters are not enough – use a mix of letters, numbers and symbols, and use different passwords for different accounts. Some websites even offer two-factor authentication, which provides an extra layer of security by requesting not only a password and username, but also a piece of evidence that only the user has. While it may take slightly longer to log in and use the services offered on the website, the additional security makes it safer for users. 
  • Never send your social insurance number by email. Reputable companies never ask for this information over email.

Secure communications with the Plan

The security of your personal information is important to us. There are a number of ways that the CAAT Plan ensures your information is always secure. If you email us with a personal question, you will be required to verify your identity first through our authentication protocols, like confirming your Member ID. If we need to send you any confidential documents, it will always be through our secure transfer site, S-Doc. These protocols ensure we keep your information confidential.

Occasionally, you will receive news emails from us with links to our website. However, these emails will never ask you to reply to the email or send any personal information.

If you are ever suspicious of an email coming from the CAAT Pension Plan, please contact member services at 416-673-9000 to verify the authenticity of the email.